GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2471?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2471?format=api",
    "vulnerability_id": "VCID-9hzm-uexa-n7gc",
    "summary": "ling and wushi of team509, via\nTippingPoint's Zero Day Initiative program, reported a flaw in part of\nMozilla's DOM constructing code.  This vulnerability can be exploited\nby modifying certain properties of a file input element before it has\nfinished initializing.  When the blur method of the\nmodified input element is called, uninitialized memory is accessed by\nthe browser, resulting in a crash.  This crash may be used by an\nattacker to run arbitrary code on a victim's computer.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.",
    "aliases": [
        {
            "alias": "CVE-2008-5021"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1088?format=api",
            "purl": "pkg:mozilla/Firefox@3.0.4",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1089?format=api",
            "purl": "pkg:mozilla/SeaMonkey@1.1.13",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.13"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021",
            "reference_id": "CVE-2008-5021",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-55",
            "reference_id": "mfsa2008-55",
            "reference_type": "",
            "scores": [
                {
                    "value": "critical",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-55"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "9.0 - 10.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzm-uexa-n7gc"
}